Refactor stackalloc usage in TLS

author: Peter Dettman <peter.dettman@bouncycastle.org> 2022-10-06 11:26:55 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2022-10-06 11:26:55 +0700
commit: 191747864ead7d9b2167b01000ab322517f817c7 (patch)
tree: 7b33d31af5451cf2a95fa5a683760732af4991ff
parent: Refactor stackalloc usage (diff)
download: BouncyCastle.NET-ed25519-191747864ead7d9b2167b01000ab322517f817c7.tar.xz
5 files changed, 18 insertions, 7 deletions
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index b1b42f4bf..1903065f1 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -237,7 +237,10 @@ namespace Org.BouncyCastle.Tls.Crypto
             int contextLength = context.Length;
             int expandedLabelLength = Tls13Prefix.Length + labelLength;
 
-            Span<byte> hkdfLabel = stackalloc byte[2 + (1 + expandedLabelLength) + (1 + contextLength)];
+            int hkdfLabelLength = 2 + (1 + expandedLabelLength) + (1 + contextLength);
+            Span<byte> hkdfLabel = hkdfLabelLength <= 512
+                ? stackalloc byte[hkdfLabelLength]
+                : new byte[hkdfLabelLength];
 
             // uint16 length
             {
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 73fc9e98a..046e6883f 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             int keyBlockSize = (2 * keySize) + (2 * m_fixed_iv_length);
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             if (isServer)
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index c8774f9bb..ed9d68649 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -74,7 +74,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
@@ -88,8 +90,8 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 
             if (m_useExplicitIV)
             {
-                clientCipher.Init(stackalloc byte[clientIVLength]);
-                serverCipher.Init(stackalloc byte[serverIVLength]);
+                clientCipher.Init(clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]);
+                serverCipher.Init(serverIVLength <= 64 ? stackalloc byte[serverIVLength] : new byte[serverIVLength]);
             }
             else
             {
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index b21e46eed..5b6b5663a 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -21,7 +21,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             int keyBlockSize = clientMac.MacLength + serverMac.MacLength;
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-            Span<byte> keyBlock = stackalloc byte[keyBlockSize];
+            Span<byte> keyBlock = keyBlockSize <= 512
+                ? stackalloc byte[keyBlockSize]
+                : new byte[keyBlockSize];
             TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
 
             clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
index 6fe2da491..683806347 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs
@@ -168,7 +168,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
                 byte[] okm = new byte[length];
 
-                Span<byte> t = stackalloc byte[hashLen];
+                Span<byte> t = hashLen <= 128
+                    ? stackalloc byte[hashLen]
+                    : new byte[hashLen];
                 byte counter = 0x00;
 
                 int pos = 0;
author	Peter Dettman <peter.dettman@bouncycastle.org>	2022-10-06 11:26:55 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2022-10-06 11:26:55 +0700
commit	191747864ead7d9b2167b01000ab322517f817c7 (patch)
tree	7b33d31af5451cf2a95fa5a683760732af4991ff
parent	Refactor stackalloc usage (diff)
download	BouncyCastle.NET-ed25519-191747864ead7d9b2167b01000ab322517f817c7.tar.xz